General
-
Target
16a3028370eda7b713222c92f4ef9285a0c04ca8c653dbe4df1953e9c215bc45
-
Size
23.5MB
-
Sample
220508-d2axnshbfm
-
MD5
aaf3b4aac9236db215c58091f7910c1c
-
SHA1
f237c3e542d7f906aeed35fcdee14e337ee4c465
-
SHA256
16a3028370eda7b713222c92f4ef9285a0c04ca8c653dbe4df1953e9c215bc45
-
SHA512
54a7e2fb5a1a08c6d419f4faade960f409ab8faeb11dec62c08db8854a3402577e78d8b22506dea8789088703be554c25fca09fda3fe6dcd91dc2a24fa721081
Static task
static1
Behavioral task
behavioral1
Sample
16a3028370eda7b713222c92f4ef9285a0c04ca8c653dbe4df1953e9c215bc45.exe
Resource
win7-20220414-en
Malware Config
Extracted
raccoon
c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
16a3028370eda7b713222c92f4ef9285a0c04ca8c653dbe4df1953e9c215bc45
-
Size
23.5MB
-
MD5
aaf3b4aac9236db215c58091f7910c1c
-
SHA1
f237c3e542d7f906aeed35fcdee14e337ee4c465
-
SHA256
16a3028370eda7b713222c92f4ef9285a0c04ca8c653dbe4df1953e9c215bc45
-
SHA512
54a7e2fb5a1a08c6d419f4faade960f409ab8faeb11dec62c08db8854a3402577e78d8b22506dea8789088703be554c25fca09fda3fe6dcd91dc2a24fa721081
-
Modifies security service
-
Raccoon Stealer Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-